Dashboards & Visualizations

user487596
Explorer

The answer in this splunk blog post.

Somewhere in "System Configuration" we can configure integration with ES. Nuance - I opened this settings menu once, but the second time I can’t find it :grinning_face_with_smiling_eyes:

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @user487596 ,

to help you, I need some additional information:

what's your issue?

did you installed the Splunk MITRE ATT&CK app (https://splunkbase.splunk.com/app/4617 )?

are you working inside Enterprise Security or not?

Ciao.

Giuseppe

0 Karma

user487596
Explorer

Hi @gcusello ,

don't see "MITRE ATTACK App for Splunk" in apps; yes, i'am work inside Enterprise Security

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @user487596 ,

install it from Splunkbase I always use it: you'll find inside it useful Use Cases for ES.

Ciao.

Giuseppe

0 Karma

user487596
Explorer

@gcusello, what about MITRE ATT&CK Framework in Splunk Security Essentials, which, as I understand it, is already built in, Is it impossible to work with it or is it easier with your application?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @user487596 ,

yes, in Security Essentials App you have also a MITRE visualization, but I'm hinting to use the above MITRE ATT&CK app.

Ciao.

Giuseppe

0 Karma

user487596
Explorer

@gcusello , The application is cool, but I would like to understand the built-in capabilities. Is there any documentation or tips on how to set up visualization without third-party applications?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi  @user487596 ,

as I said, I always use the MITRE ATT&CK app, but if you want to use only the Security Essentials, see this:

https://docs.splunk.com/Documentation/SSE/3.8.0/User/MITREFramework

Ciao.

Giuseppe

0 Karma

user487596
Explorer

doesn't look like what i need, it's just a dashboard 
i need this https://docs.splunk.com/Documentation/ES/7.1.0/RBA/ViewMitreMatrixforRiskNotable#View_the_MITRE_ATT.... the problem is that the event doesn't have this (MITRE ATT&CK Posture for this Notable) information in notable... how to add it?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...